TechDogs-"Gradle Inc. Partners with GitHub To Improve Software Supply Chain Security"

Software Development

Gradle Inc. Partners with GitHub To Improve Software Supply Chain Security

By GlobeNewswire

GlobeNewswire
Overall Rating

SAN FRANCISCO, April 18, 2024 (GLOBE NEWSWIRE) -- Gradle Inc., the company behind Gradle Build Tool, the popular open-source Java build automation system, today announced a technical partnership with GitHub, the world’s leading AI-powered developer platform. Through the partnership, Gradle will integrate with GitHub to improve developer experience and promote best security practices among Gradle users. With this news, Gradle is also announcing its first integration from the new partnership, the Dependency Submission Action for Gradle, a feature to help users detect and manage vulnerabilities in project dependencies.

Over the past year, 91% of enterprises faced attacks to their software supply chains. Specifically, vulnerabilities in project dependencies are a major challenge, and it’s critical that developers are able to quickly detect potential security risks. Available for all Gradle projects on GitHub, the new Dependency Submission Action is an official, open-source GitHub action that generates complete and accurate information about dependencies. This allows developers using Gradle Build Tool to view their project dependencies in GitHub and receive GitHub Dependabot alerts when vulnerabilities are detected.

“Gradle is one of the most used build tools among GitHub users, and we're excited to continue to collaborate with them to improve supply chain security for the Gradle community. These updates to the Gradle Build Action will help millions of GitHub users improve the security of their apps by giving them better insights into their dependencies,” said Jon Janego, Senior Product Manager at GitHub.

Now, the many developers using Gradle Build Tool via GitHub can integrate Gradle Build Tool and GitHub vulnerability alerts and management tools to more easily ensure their software supply chains are secure.

“At Gradle, we’re focused on minimizing process bottlenecks and maximizing developer productivity,” said Piotr Jagielski, VP of Engineering at Gradle, Inc. “We’re excited to now officially partner with GitHub, one of the world's largest open-source ecosystems, to help developers streamline their workflows and protect their supply chain—all while bettering their developer experience.”

To learn more, visit the Gradle blog.

About Gradle
Gradle Inc. is the company behind the popular open-source Gradle Build Tool, which is downloaded over 40 million times a month, and the provider of the leading software solution for improving developer productivity and happiness called Develocity. Gradle is also pioneering the emerging practice of Developer Productivity Engineering. Elite development teams from companies like Netflix, LinkedIn, ASML, Airbnb, Microsoft, Nasdaq, SAP, and others, practice DPE to deliver quality software more rapidly at scale. They achieve this by leveraging Develocity’s innovative build and test performance acceleration technologies and analytics to proactively improve the reliability of the developer toolchain and make failure troubleshooting more efficient.

Contact
LaunchSquad for Gradle, gradle@launchsquad.com

First published on Thu, Apr 18, 2024

Enjoyed what you've read so far? Great news - there's more to explore!

Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.

Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.

Dive into TechDogs' treasure trove today and Know Your World of technology!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.

Join The Discussion

- Promoted By TechDogs -

IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment